• Status: Solved

Socks 4, 5 - Wingate Proxy

This sucks :(

Got a call from my T1 provider today and it seems that my server (Win 2003 Enterprise) has been hacked...  Ports 23 & 1080 are showing Socks 4 & 5 and Wingate Proxy vulnerabilities, and my SPAM abuse rating is at 4.5 per senderbase.org.  I am not purposefully running a proxy server, I am running the basic firewall in Routing and Remote Access, and only have a few ports open of which 25 & 1080 are not open in RaRAS.

This server is in a multiple occupancy building where everyone shares the same T1 and just uses different local IPs (e.g. 192.168.20.x, 192.168.30.x, etc.).  So I am assuming that the hack came from one of the other IP blocks via the internet because I am using Group Policy to lock up what functions I don't want the user to have.

So...  now that you guys have the background, what should I do?  I have a Sonicwall Pro 200 I can put in place, but would rather use a software solution as I am not a fan of hardware firewalls.  They are cumbersome and hard to maintain from remote.  Also I need to protect the inside of the LAN from the other IP ranges.  I am considering MS ISA Server, but would rather get the opinion of you guys first...  Thanks :)
mikemaner
Asked:
 
plimpias Commented:
OK.. this question you have is subjective. In my opinion.. keep in mind I used to love ISA.. because of packet filtering and how you can specify things down to the packet level. But think about the big picture. With ISA 2000 there were several exploits that made the firewall vulnerable... ok, what? A firewall vulnerable.. what a joke. Second, how many patches did Microsoft come out with? 20 plus? And 2 service packs! Wow.. lots of mistakes. Third, ISA takes way too much memory and processor speed from your computer. Fourth, to run ISA correctly Microsoft recommends using ISA with a dedicated computer.. (more money). OK, so you get the point.

For 1400 bucks you can get yourself a nice little PIX firewall.. if you want remote access, enable a telnet user name and password. Just set it and forget it.. no maintenance.. no down time.. just a nice little hardware firewall doing its thing. I really recommend a firewall solution. SonicWall is also a good firewall but it's not one of my top choices. I would go with a Cisco PIX firewall or a WatchGuard firewall, then make other choices. Both PIX and WatchGuard can be remotely administered.

With the situation that you have.. first update your server with all critical updates. Make sure all of them are installed. Go to GRC.com and run ShieldsUP to make sure you don't have extra ports open. Do a full antivirus system scan and run fix tools if some are found and can't be fixed. GET a hardware firewall solution..

if you have any questions...let me know.
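A local complement to the external port scan suggested in the answer above, added here as an example and not part of the original thread: it parses `netstat -ano` output and reports TCP listeners that are reachable off-box and not on an allow-list, with the owning PID and the number of established client connections. The sample output, the PIDs and the allow-list `{25, 53}` are constructed assumptions; ports 23 and 1080 are the ones the provider reported.

```python
import re
from collections import Counter

# Ports the T1 provider reported in this thread.
REPORTED_PORTS = {23, 1080}

# Constructed sample of `netstat -ano` output (not from the poster's server).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING       2316
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING       1212
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING       2316
  TCP    127.0.0.1:1055         0.0.0.0:0              LISTENING       900
  TCP    192.168.20.2:1080      192.168.30.14:3561     ESTABLISHED     2316
  TCP    192.168.20.2:1080      192.168.30.14:3562     ESTABLISHED     2316
  TCP    192.168.20.2:3389      192.168.20.50:4410     ESTABLISHED     1004
  UDP    0.0.0.0:53             *:*                                    1212
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

def parse_tcp(text):
    """Yield (local_ip, local_port, remote_ip, state, pid) for each TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            lip, lport, rip, _rport, state, pid = m.groups()
            yield lip, int(lport), rip, state, int(pid)

def unexpected_listeners(text, allowed_ports):
    """Return listeners reachable off-box whose port is not on the allow-list."""
    rows = list(parse_tcp(text))
    clients = Counter((lport, pid) for _, lport, _, st, pid in rows if st == "ESTABLISHED")
    findings = []
    for lip, lport, _, state, pid in rows:
        if state != "LISTENING" or lip.startswith("127.") or lport in allowed_ports:
            continue
        findings.append({"port": lport, "pid": pid, "bind": lip,
                         "reported": lport in REPORTED_PORTS,
                         "active_clients": clients[(lport, pid)]})
    return sorted(findings, key=lambda f: f["port"])

if __name__ == "__main__":
    for f in unexpected_listeners(SAMPLE, allowed_ports={25, 53}):
        print(f)
```

On the server itself, pass in the real `netstat -ano` output and look up each flagged PID with `tasklist /svc` to see which process owns the listener.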
 
mikemaner (Author) Commented:
Well, I have 2 options at this point (a PIX firewall won't work in this situation unfortunately)...  I can either set up ISA on the existing AD or I can set up a Linux box and run Squid.

I personally would rather run ISA, just because I have tried to stay in the Microsoft envelope on this job.  But I have no experience in setting it up and if my assumptions are correct, it's not an easy job to set up ISA on an existing DC, it wants to be on its own.  So, if there's any help out there on how to set up ISA I would be greatly in your debt :)
 
plimpias Commented:
OH yeah not a problem. http://www.isaserver.org/ has awesome tutorials for this. You can find anything that has to do with ISA.

 
mikemaner (Author) Commented:
I have actually looked there, and unless I'm just pulling a stupid I haven't seen any step by step guides.
 
plimpias Commented:
Yeah, you're pulling a stupid then. They have all the tutorials. Just need to search for what you are looking for.
 
mikemaner (Author) Commented:
DOH! I just can't figure out what I'm doing wrong here.  I can get it installed fine, but it won't connect to the AD, and DNS & RAS don't work either.  I know you're not technically supposed to do an ISA install on your primary DC, but it's really the only option I have...  Any ideas?
 
plimpias Commented:
Are you using ISA 2004? Because that install is a little different than 2000.
 
mikemaner (Author) Commented:
Yep, using ISA 2004 on Windows Server 2003 Enterprise Edition, running DC, DHCP, RaRAS, DNS (Root Hints, no Forwarders).  Pretty standard install.
 
plimpias Commented:
Ahh... you have to add a policy to allow local host to your internal network, allow always, and do the same with the internal network to the local host.
 
mikemaner (Author) Commented:
Could you elaborate on that a bit?  I'm a bit confused :)